GRC Flashcards
Define Governance
Ensuring that organisational activities are aligned with business goals
Define Risk
Ensuring that any risk or opportunity associated with business activities is identified
Define Compliance
Ensuring that business activities are operated to meet laws and regulations
What are the benefits of GRC?
- improved decision-making
- more optimal investments
- reduced fragmentation among departments
Discuss NIST
National Institute of Standards and Technology
- creates a voluntary framework - no penalties or fines for not following it
- provides a customisable guide
- combines standards, guidelines and best practices
- encourages communication
- provides a common risk language
Discuss ISO
International Organisation for Standardisation
- international, non-governmental organisation
- consists of various bodies that develop and publish standards
- ISO 27000 - security requirements around maintenance of information security management systems
- ISO 31000 - governs principles of implementation and risk management
Outline PCI-DSS
Payment Card Industry Data Security Standard
- Independent body created by financial firms; a standard, not a law
- Consists of 12 requirements
- Designed to reduce fraud and protect credit card (CC) information
- Contractually required of any company handling CC information
- consequences of not complying - penalties from CC companies, data breaches, legal action, lost revenue
Outline GDPR
General Data Protection Regulation
- EU regulation
- Regulates data protection and privacy of citizens in EU
- Applies to - any company in the EU, any company handling the data of an EU citizen
- Penalties - Up to 20 million euros, up to 4% of global revenue